Description
A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-06-01
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Unite by AI’s DroidClaw application contains a flaw in the claim Endpoint, specifically in the function within server/src/routes/pairing.ts, that fails to properly limit excessive authentication attempts. An attacker can repeatedly try to authenticate, potentially exhausting server resources or bypassing account protections. This weakness does not grant code execution but directly undermines account security and could enable credential stuffing or brute‑force attacks.

Affected Systems

UnitedbyAI DroidClaw, versions up to 0.5.3. Any installation that has not yet updated to a newer major release is vulnerable.

Risk and Exploitability

The CVSS score of 6.3 places the vulnerability in the medium range, and the public exploit is reported as difficult to execute but still available for remote attackers. Because the exploit is not listed in the CISA KEV catalog and EPSS data is unavailable, the likelihood remains uncertain, yet the high complexity and remote nature of the attack suggest that mitigations should be applied promptly to reduce the risk of repeated authentication attempts.

Generated by OpenCVE AI on June 1, 2026 at 05:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update DroidClaw to the latest version (0.5.4 or later) once the vendor releases a fix.
  • Configure account lockout or rate‑limiting policies on the authentication endpoint to throttle repeated login attempts.
  • Implement monitoring and alerting for abnormal authentication traffic to detect brute‑force attempts early.

Generated by OpenCVE AI on June 1, 2026 at 05:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 04:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is described as difficult. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Title unitedbyai droidclaw claim Endpoint pairing.ts excessive authentication
First Time appeared Unitedbyai
Unitedbyai droidclaw
Weaknesses CWE-307
CWE-799
CPEs cpe:2.3:a:unitedbyai:droidclaw:*:*:*:*:*:*:*:*
Vendors & Products Unitedbyai
Unitedbyai droidclaw
References
Metrics cvssV2_0

{'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Unitedbyai Droidclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T02:30:10.226Z

Reserved: 2026-05-31T07:34:28.650Z

Link: CVE-2026-10216

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-01T04:16:20.340

Modified: 2026-06-01T04:16:20.340

Link: CVE-2026-10216

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T05:30:21Z

Weaknesses